CVE-2023-39300

HIGH | CVSS 7.2/10 | EPSS 1.21%

CVE-2023-39300 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later; QTS 4.3.4.2814 build 20240618 and later; QTS 4.3.3.2784 build 20240619 and later; QTS 4.2.6 build 20240618 and later. EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later; QTS 4.3.4.2814 build 20240618 and later; QTS 4.3.3.2784 build 20240619 and later; QTS 4.2.6 build 20240618 and later.

Metrics

CVSS 3.1
7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
1.21%

64.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor  Product  Versions    Update
Qnap    Qts      4.3.6.0895  Build 20190328
Qnap    Qts      4.3.6.0907  Build 20190409
Qnap    Qts      4.3.6.0923  Build 20190425
Qnap    Qts      4.3.6.0944  Build 20190516
Qnap    Qts      4.3.6.0959  Build 20190531
Qnap    Qts      4.3.6.0979  Build 20190620
Qnap    Qts      4.3.6.0993  Build 20190704
Qnap    Qts      4.3.6.1013  Build 20190724
Qnap    Qts      4.3.6.1033  Build 20190813
Qnap    Qts      4.3.6.1070  Build 20190919
Qnap    Qts      4.3.6.1154  Build 20191212
Qnap    Qts      4.3.6.1218  Build 20200214
Qnap    Qts      4.3.6.1263  Build 20200330
Qnap    Qts      4.3.6.1286  Build 20200422
Qnap    Qts      4.3.6.1333  Build 20200608
Qnap    Qts      4.3.6.1411  Build 20200825
Qnap    Qts      4.3.6.1446  Build 20200929
Qnap    Qts      4.3.6.1620  Build 20210322
Qnap    Qts      4.3.6.1663  Build 20210504
Qnap    Qts      4.3.6.1711  Build 20210621
Qnap    Qts      4.3.6.1750  Build 20210730
Qnap    Qts      4.3.6.1831  Build 20211019
Qnap    Qts      4.3.6.1907  Build 20220103
Qnap    Qts      4.3.6.1965  Build 20220302
Qnap    Qts      4.3.6.2050  Build 20220526
Qnap    Qts      4.3.6.2232  Build 20221124
Qnap    Qts      4.3.6.2441  Build 20230621
Qnap    Qts      4.3.6.2665  Build 20240131
Qnap    Qts      4.3.4.0899  Build 20190322
Qnap    Qts      4.3.4.1029  Build 20190730
Qnap    Qts      4.3.4.1082  Build 20190921
Qnap    Qts      4.3.4.1190  Build 20200107
Qnap    Qts      4.3.4.1282  Build 20200408
Qnap    Qts      4.3.4.1368  Build 20200703
Qnap    Qts      4.3.4.1417  Build 20200821
Qnap    Qts      4.3.4.1463  Build 20201006
Qnap    Qts      4.3.4.1632  Build 20210324
Qnap    Qts      4.3.4.1652  Build 20210413
Qnap    Qts      4.3.4.1976  Build 20220303
Qnap    Qts      4.3.4.2107  Build 20220712
Qnap    Qts      4.3.4.2242  Build 20221124
Qnap    Qts      4.3.4.2451  Build 20230621
Qnap    Qts      4.3.4.2675  Build 20240131
Qnap    Qts      4.3.3.0174  Build 20170503
Qnap    Qts      4.3.3.0868  Build 20190322
Qnap    Qts      4.3.3.0998  Build 20190730
Qnap    Qts      4.3.3.1051  Build 20190921
Qnap    Qts      4.3.3.1098  Build 20191107
Qnap    Qts      4.3.3.1161  Build 20200109
Qnap    Qts      4.3.3.1252  Build 20200409

Showing 50 of 64 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2023-39300?
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later; QTS 4.3.4.2814 build 20240618 and later; QTS 4.3.3.2784 build 20240619 and later; QTS 4.2.6 build 20240618 and later.
How severe is CVE-2023-39300?
CVE-2023-39300 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.
How do I fix CVE-2023-39300?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST